When Consumerism Meets Regulation

In every industry, Americans want better access to their information and more control of their data. But in healthcare, member and patient data is siloed and carefully guarded. You vigilantly guard your members’ data to comply with HIPAA and protect your members from theft.

These protections are obviously for the benefit of your members, but they can create a frustrating experience. Consider a member who changes payers and wants their data to follow them from one organization to the next. Suddenly, the system that was meant to protect your members becomes a significant inconvenience. Their new payer has to essentially start from scratch, while the previous payer sits on years of claims data, clinical data, and other valuable information.

Moreover, members may also want to share their data if they:

  • Have a primary and a secondary payer
  • Want to use a health app
  • Visit a new provider
  • Need a friend or family member to support them

But right now, many consumers can’t do that, because data sharing is a risk their payers haven’t been willing to take.

Giving members more control of their data

With today’s technology, there’s no reason why consumers can’t have the best of both worlds. That’s why healthcare entities like the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) are now making the desires of customers legally binding for payers.

Starting in early 2020, you’ll still be the gatekeeper of your members’ information, but your members will have the keys—keys they can give to any organization they want. Two new rules proposed by the CMS and ONC will require you to develop an openly published API that lets any third-party app access a specific member’s data—with that member’s approval.

The CMS and ONC state that:

“Every American should be able, without special effort or advanced technical skills, to see, obtain, and use all electronically available information that is relevant to their health, care, and choices—of plans, providers, and specific treatment options.” —CMS and ONC

Keeping member data secure

For healthcare organizations, the proposed rules immediately raise the question: what about HIPAA? Meeting the demands of consumerism means giving your members better access to their data while continuing to protect it. Even though members will be able to authorize access to specific organizations, it will be your job to ensure that their personal health information (PHI) is transferred in responsible ways to responsible parties.

Healthcare organizations need to weigh the risks of every request. Requests can be declined if sharing information presents too great a security risk to your members’ data. Even then, though, your members are ultimately in control and can overrule you. In that case, you are no longer responsible for that risk.

The CMS and ONC say:

“However, if the individual requested that the PHI be transferred, and the covered entity warned them that it was unsecure and the individual said to transfer the information anyway, the covered entity is not responsible for a breach that occurs during the transmission, including any data breach notification obligations.”

In the past, you’ve protected your members from data breaches by simply not allowing third parties to access their data at all. But consumers want to make those decisions for themselves. So now your responsibility is shifting: part of your job moving forward is to inform your members about the risks associated with their decisions. That way they can decide if the benefit of a choice to share their data outweighs the risks.

What this means for the future of healthcare

The new rules proposed by the CMS and ONC are driven by what consumers want. And they’re forcing healthcare organizations to adopt or develop technology that can balance accessibility and security.

This won’t be the last time consumerism drives regulation. Payers can expect these new rules to impact other plans down the road, because these rules are ultimately providing what all consumers want, not just those with Medicare or Medicaid plans. In the years to come, Americans will expect even greater access to their data without sacrificing security.

Regulations like this are essentially changing what it means to be competitive in healthcare. In the future, the data you possess won’t give you as big an advantage over the competition, because you’ll be required to share it with them. Your competitive edge will come from what you can do with the data you have. How will you leverage data to engage your members, drive down costs, and create better outcomes? The answer depends on the tools at your disposal.

We can help

It’s not easy to balance accessibility with security. And building your tools in-house may ultimately leave you with a less competitive solution. Thankfully, you don’t have to create your own open API. Healthx is developing capabilities to send data in the mandated FHIR format that will allow unfettered member data access and enhanced flow of information between healthcare stakeholders. This will all be wrapped in industry-standard, regulation-compliant authentication methods, and it will integrate with all the solutions you have now.

Stay ahead of consumerism

Want to meet the demands of consumerism and become more competitive? Download our new ebook, 7 Things Members Want When Shopping for Care, where we outline several of the biggest demands facing healthcare today.
